[strongSwan-dev] strongSwan RSA signature vulnerability

Tobias Brunner tobias at strongswan.org
Thu May 31 17:50:56 CEST 2012

Hi Yaron,

> Please clarify: is the "gmp" plugin used for this purpose by default, 
> e.g. when no specific pugins are specified in strongswan.conf?

That depends on the flags used with ./configure.  But in general, the
"gmp" plugin provides the default RSA implementation on Linux.  As a
workaround the "openssl" and "gcrypt" plugins may be used which are both
not affected by this vulnerability.


More information about the Dev mailing list